I think the challenge for blockchains in complying with GDPR will be it's clause about the "Right to be forgotten". I don't see how it will be possible in a blockchain such as Steemit where everything is immortalized after the data is entered in. I am curious why we did not get the same updated privacy terms on our emails from Steemit. Could it be because we consented on it beforehand?
As I recall, GPDR is under European regulation. Perhaps due to the decentralized nature of Steemit there is currently nothing for Steemit Inc to worry about.
In terms of personal information on the blockchain, I remember reading a piece which discussed using the chain to access personal data that is stored off chain rather than on to give ownership of data. Not sure how this would work in practice.
I hope regulation won't stifle the progress of social blockchains.